Re: [cas-user] How do to G Suite as a normal SAML SP?

2020-03-05 Thread Richard Frovarp
I've seen some of those. I guess the part that I'm struggling with is the 
values to enter. G Suite doesn't publish their end points. I can probably grab 
them using SAML Tracer and my existing working integration. I was more 
wondering if someone had a known working configuration so I don't have to guess 
and try multiple times.

On 3/5/20 1:51 PM, Ray Bon wrote:
Richard,

There are some online tools that can get you started, 
https://www.google.com/search?client=ubuntu=fs=saml2+create+metadata=utf-8=utf-8

Ray

On Thu, 2020-03-05 at 19:42 +, Richard Frovarp wrote:

I'm missing something basic in what it is that I need. We have G Suite
setup through the custom bit in CAS. That is conflicting with our other
normal SAML SPs and throwing stack traces. I see that in 5.3, the
version that we are on, the custom bit has been deprecated. What I'm not
able to wrap my head around is how to construct the SP metadata for G
Suite. Do I just monitor the URLs that are currently working to set the
end points? Or is there a better way to do this? I'm used to dealing
with systems that will give me their metadata, rather than having to
construct it.

Any help would be appreciated. Thanks,

Richard

--


Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/aba0e65d40c04a88839bece305353c2210a9b677.camel%40uvic.ca.
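
Added example (not part of the thread, and not CAS or Google code): one way to do what Richard describes above, taking a redirect URL captured with SAML Tracer, reading the Issuer and AssertionConsumerServiceURL out of its AuthnRequest, and writing minimal SP metadata from them. The host names, the capture and the HTTP-POST response binding are assumptions; the sample values are constructed and are not G Suite's.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"  # assumed response binding

def decode_redirect_request(url):
    """Decode the SAMLRequest parameter of an HTTP-Redirect binding URL."""
    raw = base64.b64decode(parse_qs(urlsplit(url).query)["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")  # raw DEFLATE, no header

def sp_values(authn_xml):
    """Return (entityID, ACS URL) as the SP itself states them."""
    root = ET.fromstring(authn_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    acs = root.get("AssertionConsumerServiceURL")
    if not issuer or not acs:
        raise ValueError("request lacks Issuer or AssertionConsumerServiceURL")
    if urlsplit(acs).scheme != "https":
        raise ValueError("refusing to register a non-HTTPS ACS endpoint")
    return issuer, acs

def build_sp_metadata(entity_id, acs_url):
    """Emit a minimal EntityDescriptor that pins the SP to one ACS endpoint."""
    ET.register_namespace("md", MD)
    entity = ET.Element("{%s}EntityDescriptor" % MD, {"entityID": entity_id})
    sso = ET.SubElement(entity, "{%s}SPSSODescriptor" % MD,
                        {"protocolSupportEnumeration": SAMLP})
    ET.SubElement(sso, "{%s}AssertionConsumerService" % MD,
                  {"Binding": POST_BINDING, "Location": acs_url, "index": "0"})
    return ET.tostring(entity, encoding="unicode")

def constructed_capture():
    """Constructed stand-in for a URL copied out of SAML Tracer (not real data)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" Version="2.0" '
           'IssueInstant="2020-03-05T19:42:00Z" '
           'AssertionConsumerServiceURL="https://sp.example.edu/acs">'
           '<saml:Issuer xmlns:saml="%s">sp.example.edu</saml:Issuer>'
           '</samlp:AuthnRequest>') % (SAMLP, SAML)
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    return ("https://cas.example.edu/cas/idp/profile/SAML2/Redirect/SSO?SAMLRequest="
            + quote(base64.b64encode(deflated), safe=""))
```

Calling build_sp_metadata(*sp_values(decode_redirect_request(url))) on a real capture yields the XML to register. Compare it against a second capture first, since the registered ACS URL is what the IdP will accept from then on.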



Re: [cas-user] How do to G Suite as a normal SAML SP?

2020-03-05 Thread Ray Bon
Richard,

There are some online tools that can get you started, 
https://www.google.com/search?client=ubuntu=fs=saml2+create+metadata=utf-8=utf-8

Ray

On Thu, 2020-03-05 at 19:42 +, Richard Frovarp wrote:

I'm missing something basic in what it is that I need. We have G Suite
setup through the custom bit in CAS. That is conflicting with our other
normal SAML SPs and throwing stack traces. I see that in 5.3, the
version that we are on, the custom bit has been deprecated. What I'm not
able to wrap my head around is how to construct the SP metadata for G
Suite. Do I just monitor the URLs that are currently working to set the
end points? Or is there a better way to do this? I'm used to dealing
with systems that will give me their metadata, rather than having to
construct it.

Any help would be appreciated. Thanks,

Richard


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



[cas-user] How do to G Suite as a normal SAML SP?

2020-03-05 Thread Richard Frovarp
I'm missing something basic in what it is that I need. We have G Suite 
setup through the custom bit in CAS. That is conflicting with our other 
normal SAML SPs and throwing stack traces. I see that in 5.3, the 
version that we are on, the custom bit has been deprecated. What I'm not 
able to wrap my head around is how to construct the SP metadata for G 
Suite. Do I just monitor the URLs that are currently working to set the 
end points? Or is there a better way to do this? I'm used to dealing 
with systems that will give me their metadata, rather than having to 
construct it.

Any help would be appreciated. Thanks,

Richard



Re: [cas-user] regex for logoutUrl

2020-03-05 Thread Ray Bon
Adrian,

If logout URL is not set in service definition, the one passed to cas during 
login is used.
How would cas know where to send the logout request with a regex?

What is the use case with regard to OIDC that a regex might be useful?

Perhaps allow for a list of URLs.

I am not familiar enough with other CAS clients but the java cas client uses 
filters to check incoming requests. Thus, the actual target URI does not matter 
(path, parameters, etc).

Ray

On Thu, 2020-03-05 at 09:26 -0800, gonzalad na wrote:
Hello,

I'm a new CAS User (CAS 6.1.4), I'm using OIDC for logout.

Is there a way to use a regex as logoutUrl (in the same way it's possible to 
use a regex for the serviceId ?)

If not is it possible to contribute to have this feature in CAS ?

I suspect a simple change in OidcLogoutEndpointController 
(https://github.com/apereo/cas/blob/d8552017af435e5894006efb64922f50e107349a/support/cas-server-support-oidc-core-api/src/main/java/org/apereo/cas/oidc/web/controllers/logout/OidcLogoutEndpointController.java#L70-L75)
 should do the trick.

But this would impact existing CAS users.

wdyt ?

Thanks very much,
Adrian

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



[cas-user] can we do a page redirection in login-webflow.xml

2020-03-05 Thread Priyambada Madala
We need to redirect a particular page with CredentialExpiredException.
Is there a way we can do so?
I use CAS Apereo version 5.1.2.



[cas-user] regex for logoutUrl

2020-03-05 Thread gonzalad na
Hello, 

I'm a new CAS User (CAS 6.1.4), I'm using OIDC for logout.

Is there a way to use a regex as logoutUrl (in the same way it's possible 
to use a regex for the serviceId ?)

If not is it possible to contribute to have this feature in CAS ?

I suspect a simple change in OidcLogoutEndpointController
(https://github.com/apereo/cas/blob/d8552017af435e5894006efb64922f50e107349a/support/cas-server-support-oidc-core-api/src/main/java/org/apereo/cas/oidc/web/controllers/logout/OidcLogoutEndpointController.java#L70-L75)
should do the trick.

But this would impact existing CAS users.

wdyt ?

Thanks very much,
Adrian



[cas-user] Upgrade from CAS 6.0 to CAS 6.1 principal.getAttributes() problem

2020-03-05 Thread Boubaker Idir
Hello guys, I'm new to CAS and I want to upgrade from CAS 6.0 to CAS 6.1
but I have this issue:
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.login.SendTicketGrantingTicketAction@64b754e7 in state 'sendTicketGrantingTicket' of flow 'login' -- action execution attributes were 'map[[empty]]'

For CAS 6.0 everything works fine, I can sign in with the login and the
password but when upgrading to CAS 6.1, I get that issue.
I found out that the *getAttributes()* method of the *Principal.java* class
changed the return type from *Map*  to *Map>*
and also *collectAttributesForLdapEntry(final LdapEntry ldapEntry, final String username)*
method changed the return type in the LdapAuthenticationHandler.java class

Looking at the logs I saw this:


Has anyone had the same problem when upgrading to CAS 6.1 version?
Thank you in advance



[cas-user] Upgrade from CAS 6.0 to CAS 6.1 principal.getAttributes() problem

2020-03-05 Thread BobId
Hello guys, I'm new to CAS and I want to upgrade from CAS 6.0 to CAS 6.1 
but I have this issue:
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.login.SendTicketGrantingTicketAction@64b754e7 in state 'sendTicketGrantingTicket' of flow 'login' -- action execution attributes were 'map[[empty]]'

For CAS 6.0 everything works fine, I can sign in with the login and the 
password but when upgrading to CAS 6.1, I get that issue.
I found out that the *getAttributes()* method of the *Principal.java* class 
changed the return type from *Map*  to *Map>*
and also *collectAttributesForLdapEntry(final LdapEntry ldapEntry, final String username)*
method changed the return type in the LdapAuthenticationHandler.java class

Looking at the logs I saw this: 


Has anyone had the same problem when upgrading to CAS 6.1 version?
Thank you in advance



Re: [cas-user] SPNEGO and MFA Issues

2020-03-05 Thread Matt Elson

Oops, forgot to mention the CAS version I'm running: 6.1.5.

(Haven't gotten around to seeing if the behavior persists in the 6.2.0 
release candidates, planning to sometime this week.)


Matt



[cas-user] SPNEGO and MFA Issues

2020-03-05 Thread Matt Elson

Hey all,

We're having issues if we try and use SPNEGO w/ MFA (duo in particular 
in our example, haven't tested the others yet, but plan to).


Namely if MFA is triggered on the first service SPNEGO auths to, CAS 
throws the following errors:


2020-03-04 18:07:56,981 WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - Transition definition cannot be found for event mfa-duo>
2020-03-04 18:07:56,981 DEBUG [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - 


And then throws a stack trace and fails authentication. MFA works fine 
w/ LDAP authentication, and if the initial service SPNEGO auths to is 
*not eligible for MFA*, SPNEGO works fine (and subsequent services will 
trigger MFA w/o a problem).


I see an old post 
(https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/CtKiXHXBMxU) 
that sounds identical to my issue and it looks like a bug was opened 
regarding it, but I can't find any further follow up.


Any thoughts? My guess is it is related to SPNEGO webflow (as previous 
post notes it seems to go straight to SEND_TICKET_GRANTING_TICKET on 
success) given the behavior.


Thanks in advance for any help!

Matt Elson
